axis-c-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Raghu Udupa" <rud...@easylink.com>
Subject signature verification failing
Date Mon, 06 Oct 2008 22:21:01 GMT
Hi,

 

I am using axis2_http_server distributed with axis2c release as the
server. Both web services client and http_server are running on same
Linux server. Both client and server have separate AXIS2C_HOME
locations. I am trying to test the signature verification feature.

 

Client's policy.xml settings

 

Signature related settings are as below;

            <rampc:RampartConfig
xmlns:rampc="http://ws.apache.org/rampart/c/policy">

 
<rampc:ReceiverCertificate>/usr/local/CA/svccert.pem</rampc:ReceiverCert
ificate>

 
<rampc:Certificate>/usr/local/CA/clientcert.pem</rampc:Certificate>

 
<rampc:PrivateKey>/usr/local/CA/clientkey.pem</rampc:PrivateKey>

            </rampc:RampartConfig

 

Service.xml for the service

 

Signature related settings at the service are as below;

 

                <rampc:RampartConfig
xmlns:rampc="http://ws.apache.org/rampart/c/policy">

 
<rampc:Certificate>/usr/local/CA/svccert.pem</rampc:Certificate>

 
<rampc:PrivateKey>/usr/local/CA/svckey.pem</rampc:PrivateKey>

                </rampc:RampartConfig>

 

Certificate Generation

 

I used following steps to generate a pair of certificates clientcert.pem
and clientcert.key for the web services client and svccert.pem and
svccert.key for the service. I used CA.pl distributed with opnssl
package for generation of the certificate

1.	Create the directory for CA and copy CA.pl and openssl.cnf files
2.	Create a certificate authority -- sudo ./CA.pl -newca  
3.	create new key file using sudo openssl req -x509 -nodes -days
365 -newkey rsa:1024 -keyout newkey.pem -out newreq.pem
4.	create a certificate request file using sudo openssl req -new
-key newkey.pem -out newreq.pem
5.	sign the certificate using sudo ./CA.pl -sign
6.	I repeated steps 2 through 5 to generate clientcert.pem and
svccert.pem

 

Separately, I also tried using CA.pl options CA.pl sudo ./CA.pl -newreq
and sudo ./CA.pl -sign to generate certificates for testing.

 

On both attempts as well as on other tests, I am getting OXS ERROR
[xml_signature.c:687 in oxs_xml_sig_verify_sign_part] Signature
verification failed, Digest verification failed for node Id=
#SigID-c878c702-93e6-1dd1 error.

 

Could you tell me what I am doing incorrectly? I appreciate your help in
resolving this issue.

 

Regards,

Raghu Udupa


Mime
View raw message